CompTIA PenTest+ (PT0-002) — Question 48

A penetration tester discovers a web server that is within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?

Answer options

• A. Forensically acquire the backdoor Trojan and perform attribution.
• B. Utilize the backdoor in support of the engagement.
• C. Continue the engagement and include the backdoor finding in the final report.
• D. Inform the customer immediately about the backdoor.

Correct answer: D

Explanation

The correct action is to inform the customer immediately about the backdoor, as they need to be aware of any security breaches affecting their systems. Utilizing the backdoor or continuing the engagement without reporting it could lead to further legal or ethical issues. Forensic acquisition and attribution, while important, should not take precedence over notifying the customer about a security risk.